From: Wietse Venema Date: Sun, 3 Sep 2006 05:00:00 +0000 (-0500) Subject: postfix-2.4-20060903 X-Git-Tag: v2.4.0-RC1~40 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c66aa67bb6a604e037a493e1bbad96924333b08b;p=thirdparty%2Fpostfix.git postfix-2.4-20060903 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 5f0dc360a..5a4e44d96 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -12719,8 +12719,37 @@ Apologies for any names omitted. files. Files with too many backward jumps are saved to the "corrupt" directory. File: global/record.c. +20060831 + + Bugfix (introduced with initial implementation): missing + "dict_errno = 0" caused mis-leading error messages after + non-error lookup failure. Victor Duchovni. File: + util/dict_cidr.c. + + Robustness: the default TLS cipher lists were changed from + !foo:ALL into ALL:!foo. Victor Duchovni. Files: + global/mail_params.h and documentation. + +20060902 + + Bugfix (introduced Postfix 2.3): the LMTP client stripped + "inet": from the next-hop destination, but still used the + complete next-hop from the delivery request. File: + smtp/smtp_connect.c. + +20060903 + + Cleanup: record loop detection. File: global/record.c. + Wish list: + Either document or remove the internal_mail_filter_classes + feature (it's disabled by default). + + Build a command-line test driver for the cleanup engine. + This allows us to generate arbitrary record sequences without + having to hijack mail from the queue. + Make null local-part handling configurable: either expand into mailer-daemon (current bahavior) or disallow (strict behavior, currently implemented only in the SMTP server). diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 3b2d15490..83636dd82 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -11604,7 +11604,7 @@ strongly encouraged to not change this setting.

tls_high_cipherlist -(default: !EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH)
+(default: ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)

The OpenSSL cipherlist for "HIGH" grade ciphers. This defines the meaning of the "high" setting in smtpd_tls_mandatory_ciphers, @@ -11617,7 +11617,7 @@ strongly encouraged to not change this setting.

tls_low_cipherlist -(default: !EXPORT:ALL:+RC4:@STRENGTH)
+(default: ALL:!EXPORT:+RC4:@STRENGTH)

The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines the meaning of the "low" setting in smtpd_tls_mandatory_ciphers, @@ -11630,7 +11630,7 @@ strongly encouraged to not change this setting.

tls_medium_cipherlist -(default: !EXPORT:!LOW:ALL:+RC4:@STRENGTH)
+(default: ALL:!EXPORT:!LOW:+RC4:@STRENGTH)

The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. This defines the meaning of the "medium" setting in smtpd_tls_mandatory_ciphers, diff --git a/postfix/html/sendmail.1.html b/postfix/html/sendmail.1.html index c2e465ded..96428e610 100644 --- a/postfix/html/sendmail.1.html +++ b/postfix/html/sendmail.1.html @@ -120,48 +120,49 @@ SENDMAIL(1) SENDMAIL(1) files. -F full_name - Set the sender full name. This is used only with - messages that have no From: message header. + Set the sender full name. This overrides the NAME + environment variable, and is used only with mes- + sages that have no 
From: message header. -f sender Set the envelope sender address. This is the - address where delivery problems are sent to. With + address where delivery problems are sent to. With Postfix versions before 2.1, the Errors-To: message header overrides the error return address. - -G Gateway (relay) submission, as opposed to initial - user submission. Either do not rewrite addresses - at all, or update incomplete addresses with the + -G Gateway (relay) submission, as opposed to initial + user submission. Either do not rewrite addresses + at all, or update incomplete addresses with the domain information specified with remote_header_re- write_domain. - This option is ignored before Postfix version 2.3. + This option is ignored before Postfix version 2.3. -h hop_count (ignored) - Hop count limit. Use the hopcount_limit configura- + Hop count limit. Use the hopcount_limit configura- tion parameter instead. - -I Initialize alias database. See the newaliases com- + -I Initialize alias database. See the newaliases com- mand above. - -i When reading a message from standard input, don't - treat a line with only a . character as the end of + -i When reading a message from standard input, don't + treat a line with only a . character as the end of input. -L label (ignored) - The logging label. Use the syslog_name configura- + The logging label. Use the syslog_name configura- tion parameter instead. -m (ignored) Backwards compatibility. -N dsn (default: 'delay, failure') - Delivery status notification control. Specify - either a comma-separated list with one or more of - failure (send notification when delivery fails), + Delivery status notification control. 
Specify + either a comma-separated list with one or more of + failure (send notification when delivery fails), delay (send notification when delivery is delayed), - or success (send notification when the message is - delivered); or specify never (don't send any noti- + or success (send notification when the message is + delivered); or specify never (don't send any noti- fications at all). This feature is available in Postfix 2.3 and later. @@ -170,7 +171,7 @@ SENDMAIL(1) SENDMAIL(1) Backwards compatibility. -oAalias_database - Non-default alias database. Specify pathname or + Non-default alias database. Specify pathname or type:pathname. See postalias(1) for details. -O option=value (ignored) 
@@ -180,60 +181,60 @@ SENDMAIL(1) SENDMAIL(1) -o8 (ignored) To send 8-bit or binary content, use an appropriate - MIME encapsulation and specify the appropriate -B + MIME encapsulation and specify the appropriate -B command-line option. - -oi When reading a message from standard input, don't - treat a line with only a . character as the end of + -oi When reading a message from standard input, don't + treat a line with only a . character as the end of input. -om (ignored) - The sender is never eliminated from alias etc. + The sender is never eliminated from alias etc. expansions. -o x value (ignored) - Set option x to value. Use the equivalent configu- + Set option x to value. Use the equivalent configu- ration parameter in main.cf instead. -r sender Set the envelope sender address. This is the - address where delivery problems are sent to. With + address where delivery problems are sent to. With Postfix versions before 2.1, the Errors-To: message header overrides the error return address. -R return_limit (ignored) - Limit the size of bounced mail. Use the - bounce_size_limit configuration parameter instead. + Limit the size of bounced mail. Use the + bounce_size_limit configuration parameter instead. - -q Attempt to deliver all queued mail. This is imple- + -q Attempt to deliver all queued mail. This is imple- mented by executing the postqueue(1) command. Warning: flushing undeliverable mail frequently - will result in poor delivery performance of all + will result in poor delivery performance of all other mail. -qinterval (ignored) - The interval between queue runs. Use the + The interval between queue runs. Use the queue_run_delay configuration parameter instead. -qRsite - Schedule immediate delivery of all mail that is + Schedule immediate delivery of all mail that is queued for the named site. 
This option accepts only - site names that are eligible for the "fast flush" - service, and is implemented by executing the + site names that are eligible for the "fast flush" + service, and is implemented by executing the postqueue(1) command. See flush(8) for more infor- mation about the "fast flush" service. -qSsite - This command is not implemented. Use the slower + This command is not implemented. Use the slower "sendmail -q" command instead. - -t Extract recipients from message headers. These are - added to any recipients specified on the command + -t Extract recipients from message headers. These are + added to any recipients specified on the command line. - With Postfix versions prior to 2.1, this option - requires that no recipient addresses are specified + With Postfix versions prior to 2.1, this option + requires that no recipient addresses are specified on the command line. -U (ignored) 
@@ -246,63 +247,67 @@ SENDMAIL(1) SENDMAIL(1) This feature is available in Postfix 2.3 and later. -XV (Postfix 2.2 and earlier: -V) - Variable Envelope Return Path. Given an envelope - sender address of the form owner-listname@origin, - each recipient user@domain receives mail with a + Variable Envelope Return Path. Given an envelope + sender address of the form owner-listname@origin, + each recipient user@domain receives mail with a personalized envelope sender address. - By default, the personalized envelope sender - address is owner-listname+user=domain@origin. The - default + and = characters are configurable with - the default_verp_delimiters configuration parame- + By default, the personalized envelope sender + address is owner-listname+user=domain@origin. The + default + and = characters are configurable with + the default_verp_delimiters configuration parame- ter. -XVxy (Postfix 2.2 and earlier: -Vxy) - As -XV, but uses x and y as the VERP delimiter - characters, instead of the characters specified - with the default_verp_delimiters configuration + As -XV, but uses x and y as the VERP delimiter + characters, instead of the characters specified + with the default_verp_delimiters configuration parameter. - -v Send an email report of the first delivery attempt - (Postfix versions 2.1 and later). Mail delivery - always happens in the background. When multiple -v + -v Send an email report of the first delivery attempt + (Postfix versions 2.1 and later). Mail delivery + always happens in the background. When multiple -v options are given, enable verbose logging for debugging purposes. -X log_file (ignored) - Log mailer traffic. Use the debug_peer_list and - debug_peer_level configuration parameters instead. + Log mailer traffic. Use the debug_peer_list and + debug_peer_level configuration parameters instead. SECURITY - By design, this program is not set-user (or group) id. - However, it must handle data from untrusted users or - untrusted machines. 
Thus, the usual precautions need to + By design, this program is not set-user (or group) id. + However, it must handle data from untrusted users or + untrusted machines. Thus, the usual precautions need to be taken against malicious inputs. DIAGNOSTICS - Problems are logged to syslogd(8) and to the standard + Problems are logged to syslogd(8) and to the standard error stream. ENVIRONMENT MAIL_CONFIG Directory with Postfix configuration files. - MAIL_VERBOSE + MAIL_VERBOSE (value does not matter) Enable verbose logging for debugging purposes. - MAIL_DEBUG + MAIL_DEBUG (value does not matter) Enable debugging with an external command, as spec- - ified with the debugger_command configuration + ified with the debugger_command configuration parameter. + NAME The sender full name. This is used only with mes- + sages that have no From: message header. See also + the -F option above. + CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant + The following main.cf parameters are especially relevant to this program. The text below provides only a parameter - summary. See postconf(5) for more details including exam- + summary. See postconf(5) for more details including exam- ples. TROUBLE SHOOTING CONTROLS - The DEBUG_README file gives examples of how to trouble + The DEBUG_README file gives examples of how to trouble shoot a Postfix system. debugger_command (empty) 
@@ -310,29 +315,29 @@ SENDMAIL(1) SENDMAIL(1) mon program is invoked with the -D option. debug_peer_level (2) - The increment in verbose logging level when a - remote client or server matches a pattern in the + The increment in verbose logging level when a + remote client or server matches a pattern in the debug_peer_list parameter. debug_peer_list (empty) - Optional list of remote client or server hostname - or network address patterns that cause the verbose - logging level to increase by the amount specified + Optional list of remote client or server hostname + or network address patterns that cause the verbose + logging level to increase by the amount specified in $debug_peer_level. ACCESS CONTROLS Available in Postfix version 2.2 and later: authorized_flush_users (static:anyone) - List of users who are authorized to flush the + List of users who are authorized to flush the queue. authorized_mailq_users (static:anyone) List of users who are authorized to view the queue. authorized_submit_users (static:anyone) - List of users who are authorized to submit mail - with the sendmail(1) command (and with the privi- + List of users who are authorized to submit mail + with the sendmail(1) command (and with the privi- leged postdrop(1) helper command). RESOURCE AND RATE CONTROLS @@ -341,7 +346,7 @@ SENDMAIL(1) SENDMAIL(1) sent in a non-delivery notification. fork_attempts (5) - The maximal number of attempts to fork() a child + The maximal number of attempts to fork() a child process. fork_delay (1s) @@ -349,11 +354,11 @@ SENDMAIL(1) SENDMAIL(1) process. hopcount_limit (50) - The maximal number of Received: message headers + The maximal number of Received: message headers that is allowed in the primary message headers. queue_run_delay (1000s) - The time between deferred queue scans by the queue + The time between deferred queue scans by the queue manager. FAST FLUSH CONTROLS 
@@ -362,37 +367,37 @@ SENDMAIL(1) SENDMAIL(1) fast_flush_domains ($relay_domains) Optional list of destinations that are eligible for - per-destination logfiles with mail that is queued + per-destination logfiles with mail that is queued to those destinations. VERP CONTROLS The VERP_README file describes configuration and operation - details of Postfix support for variable envelope return + details of Postfix support for variable envelope return path addresses. default_verp_delimiters (+=) The two default VERP delimiter characters. verp_delimiter_filter (-=+) - The characters Postfix accepts as VERP delimiter - characters on the Postfix sendmail(1) command line + The characters Postfix accepts as VERP delimiter + characters on the Postfix sendmail(1) command line and in SMTP commands. MISCELLANEOUS CONTROLS alias_database (see 'postconf -d' output) - The alias databases for local(8) delivery that are + The alias databases for local(8) delivery that are updated with "newaliases" or with "sendmail -bi". command_directory (see 'postconf -d' output) - The location of all postfix administrative com- + The location of all postfix administrative com- mands. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and + The default location of the Postfix main.cf and master.cf configuration files. daemon_directory (see 'postconf -d' output) - The directory with Postfix support programs and + The directory with Postfix support programs and daemon programs. default_database_type (see 'postconf -d' output) 
@@ -400,16 +405,16 @@ SENDMAIL(1) SENDMAIL(1) postalias(1) and postmap(1) commands. delay_warning_time (0h) - The time after which the sender receives the mes- + The time after which the sender receives the mes- sage headers of mail that is still queued. enable_errors_to (no) - Report mail delivery errors to the address speci- - fied with the non-standard Errors-To: message - header, instead of the envelope sender address - (this feature is removed with Postfix version 2.2, - is turned off by default with Postfix version 2.1, - and is always turned on with older Postfix ver- + Report mail delivery errors to the address speci- + fied with the non-standard Errors-To: message + header, instead of the envelope sender address + (this feature is removed with Postfix version 2.2, + is turned off by default with Postfix version 2.1, + and is always turned on with older Postfix ver- sions). mail_owner (postfix) 
@@ -417,26 +422,26 @@ SENDMAIL(1) SENDMAIL(1) and most Postfix daemon processes. queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- + The location of the Postfix top-level queue direc- tory. remote_header_rewrite_domain (empty) - Don't rewrite message headers from remote clients + Don't rewrite message headers from remote clients at all when this parameter is empty; otherwise, re- - write message headers and append the specified + write message headers and append the specified domain name to incomplete addresses. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (postfix) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" + The mail system name that is prepended to the + process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". trigger_timeout (10s) - The time limit for sending a trigger to a Postfix - daemon (for example, the pickup(8) or qmgr(8) dae- + The time limit for sending a trigger to a Postfix + daemon (for example, the pickup(8) or qmgr(8) dae- mon). FILES @@ -461,7 +466,7 @@ SENDMAIL(1) SENDMAIL(1) VERP_README, Postfix VERP howto LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index 9ea0a828c..fb57a3a86 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html 
@@ -417,14 +417,14 @@ SMTP(8) SMTP(8) number generator (PRNG). tls_high_cipherlist - (!EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH) + (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH) The OpenSSL cipherlist for "HIGH" grade ciphers. - tls_medium_cipherlist (!EXPORT:!LOW:ALL:+RC4:@STRENGTH) + tls_medium_cipherlist (ALL:!EXPORT:!LOW:+RC4:@STRENGTH) The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. - tls_low_cipherlist (!EXPORT:ALL:+RC4:@STRENGTH) + tls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH) The OpenSSL cipherlist for "LOW" or higher grade ciphers. diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index 7092c7ba1..b4b0a63ed 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html @@ -456,14 +456,14 @@ SMTPD(8) SMTPD(8) number generator (PRNG). tls_high_cipherlist - (!EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH) + (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH) The OpenSSL cipherlist for "HIGH" grade ciphers. - tls_medium_cipherlist (!EXPORT:!LOW:ALL:+RC4:@STRENGTH) + tls_medium_cipherlist (ALL:!EXPORT:!LOW:+RC4:@STRENGTH) The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. - tls_low_cipherlist (!EXPORT:ALL:+RC4:@STRENGTH) + tls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH) The OpenSSL cipherlist for "LOW" or higher grade ciphers. diff --git a/postfix/makedefs b/postfix/makedefs index 3c58c676b..595ef9dc5 100644 --- a/postfix/makedefs +++ b/postfix/makedefs @@ -132,6 +132,8 @@ case "$SYSTEM.$RELEASE" in ;; NetBSD.3*) SYSTYPE=NETBSD3 ;; + NetBSD.4*) SYSTYPE=NETBSD4 + ;; BSD/OS.2*) SYSTYPE=BSDI2 ;; BSD/OS.3*) SYSTYPE=BSDI3 diff --git a/postfix/man/man1/sendmail.1 b/postfix/man/man1/sendmail.1 index eba9b7f54..827d48380 100644 --- a/postfix/man/man1/sendmail.1 +++ b/postfix/man/man1/sendmail.1 
@@ -101,7 +101,8 @@ With all Postfix versions, you can specify a directory pathname with the MAIL_CONFIG environment variable to override the location of configuration files. .IP "\fB-F \fIfull_name\fR -Set the sender full name. This is used only with messages that +Set the sender full name. This overrides the NAME environment +variable, and is used only with messages that have no \fBFrom:\fR message header. .IP "\fB-f \fIsender\fR" Set the envelope sender address. This is the address where @@ -239,11 +240,15 @@ stream. .fi .IP \fBMAIL_CONFIG\fR Directory with Postfix configuration files. -.IP \fBMAIL_VERBOSE\fR +.IP "\fBMAIL_VERBOSE\fR (value does not matter)" Enable verbose logging for debugging purposes. -.IP \fBMAIL_DEBUG\fR +.IP "\fBMAIL_DEBUG\fR (value does not matter)" Enable debugging with an external command, as specified with the \fBdebugger_command\fR configuration parameter. +.IP \fBNAME\fR +The sender full name. This is used only with messages that +have no \fBFrom:\fR message header. See also the \fB-F\fR +option above. .SH "CONFIGURATION PARAMETERS" .na .nf diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index c37d800ba..3c387c2bf 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 
@@ -7044,21 +7044,21 @@ level and is the default cipherlist for the SMTP server. You are strongly encouraged to not change this setting. .PP This feature is available in Postfix 2.3 and later. -.SH tls_high_cipherlist (default: !EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH) +.SH tls_high_cipherlist (default: ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH) The OpenSSL cipherlist for "HIGH" grade ciphers. This defines the meaning of the "high" setting in smtpd_tls_mandatory_ciphers, smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are strongly encouraged to not change this setting. .PP This feature is available in Postfix 2.3 and later. -.SH tls_low_cipherlist (default: !EXPORT:ALL:+RC4:@STRENGTH) +.SH tls_low_cipherlist (default: ALL:!EXPORT:+RC4:@STRENGTH) The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines the meaning of the "low" setting in smtpd_tls_mandatory_ciphers, smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are strongly encouraged to not change this setting. .PP This feature is available in Postfix 2.3 and later. -.SH tls_medium_cipherlist (default: !EXPORT:!LOW:ALL:+RC4:@STRENGTH) +.SH tls_medium_cipherlist (default: ALL:!EXPORT:!LOW:+RC4:@STRENGTH) The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. This defines the meaning of the "medium" setting in smtpd_tls_mandatory_ciphers, smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. This is diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index 40d18484b..1dd18024c 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 
@@ -347,11 +347,11 @@ The server certificate peername verification method for the The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) process requests from the \fBtlsmgr\fR(8) server in order to seed its internal pseudo random number generator (PRNG). -.IP "\fBtls_high_cipherlist (!EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH)\fR" +.IP "\fBtls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)\fR" The OpenSSL cipherlist for "HIGH" grade ciphers. -.IP "\fBtls_medium_cipherlist (!EXPORT:!LOW:ALL:+RC4:@STRENGTH)\fR" +.IP "\fBtls_medium_cipherlist (ALL:!EXPORT:!LOW:+RC4:@STRENGTH)\fR" The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. -.IP "\fBtls_low_cipherlist (!EXPORT:ALL:+RC4:@STRENGTH)\fR" +.IP "\fBtls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH)\fR" The OpenSSL cipherlist for "LOW" or higher grade ciphers. .IP "\fBtls_export_cipherlist (ALL:+RC4:@STRENGTH)\fR" The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index b0865010b..2794c906b 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 
@@ -378,11 +378,11 @@ instead of using the STARTTLS command. The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) process requests from the \fBtlsmgr\fR(8) server in order to seed its internal pseudo random number generator (PRNG). -.IP "\fBtls_high_cipherlist (!EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH)\fR" +.IP "\fBtls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)\fR" The OpenSSL cipherlist for "HIGH" grade ciphers. -.IP "\fBtls_medium_cipherlist (!EXPORT:!LOW:ALL:+RC4:@STRENGTH)\fR" +.IP "\fBtls_medium_cipherlist (ALL:!EXPORT:!LOW:+RC4:@STRENGTH)\fR" The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. -.IP "\fBtls_low_cipherlist (!EXPORT:ALL:+RC4:@STRENGTH)\fR" +.IP "\fBtls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH)\fR" The OpenSSL cipherlist for "LOW" or higher grade ciphers. .IP "\fBtls_export_cipherlist (ALL:+RC4:@STRENGTH)\fR" The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index f031b6f57..30d07f1bd 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -10301,7 +10301,7 @@ works in addition to the exclusions listed with smtp_tls_exclude_ciphers

This feature is available in Postfix 2.3 and later.

-%PARAM tls_high_cipherlist !EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH +%PARAM tls_high_cipherlist ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH

The OpenSSL cipherlist for "HIGH" grade ciphers. This defines the meaning of the "high" setting in smtpd_tls_mandatory_ciphers, @@ -10310,7 +10310,7 @@ strongly encouraged to not change this setting.

This feature is available in Postfix 2.3 and later.

-%PARAM tls_medium_cipherlist !EXPORT:!LOW:ALL:+RC4:@STRENGTH +%PARAM tls_medium_cipherlist ALL:!EXPORT:!LOW:+RC4:@STRENGTH

The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. This defines the meaning of the "medium" setting in smtpd_tls_mandatory_ciphers, @@ -10322,7 +10322,7 @@ setting.

This feature is available in Postfix 2.3 and later.

-%PARAM tls_low_cipherlist !EXPORT:ALL:+RC4:@STRENGTH +%PARAM tls_low_cipherlist ALL:!EXPORT:+RC4:@STRENGTH

The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines the meaning of the "low" setting in smtpd_tls_mandatory_ciphers, diff --git a/postfix/src/cleanup/Makefile.in b/postfix/src/cleanup/Makefile.in index 34a810098..d84538915 100644 --- a/postfix/src/cleanup/Makefile.in +++ b/postfix/src/cleanup/Makefile.in @@ -60,7 +60,7 @@ cleanup_masquerade: cleanup_masquerade.o CLEANUP_MILTER_OBJS = cleanup_state.o cleanup_out.o cleanup_addr.o \ cleanup_out_recipient.o -cleanup_milter: cleanup_milter.o $(CLEANUP_MILTER_OBJS) +cleanup_milter: cleanup_milter.o $(CLEANUP_MILTER_OBJS) $(LIBS) mv cleanup_milter.o junk $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(CLEANUP_MILTER_OBJS) $(LIBS) $(SYSLIBS) mv junk cleanup_milter.o diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 3e63728cc..a940e1ec7 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -2648,15 +2648,15 @@ extern bool var_smtp_cname_overr; * TLS cipherlists */ #define VAR_TLS_HIGH_CLIST "tls_high_cipherlist" -#define DEF_TLS_HIGH_CLIST "!EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH" +#define DEF_TLS_HIGH_CLIST "ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH" extern char *var_tls_high_clist; #define VAR_TLS_MEDIUM_CLIST "tls_medium_cipherlist" -#define DEF_TLS_MEDIUM_CLIST "!EXPORT:!LOW:ALL:+RC4:@STRENGTH" +#define DEF_TLS_MEDIUM_CLIST "ALL:!EXPORT:!LOW:+RC4:@STRENGTH" extern char *var_tls_medium_clist; #define VAR_TLS_LOW_CLIST "tls_low_cipherlist" -#define DEF_TLS_LOW_CLIST "!EXPORT:ALL:+RC4:@STRENGTH" +#define DEF_TLS_LOW_CLIST "ALL:!EXPORT:+RC4:@STRENGTH" extern char *var_tls_low_clist; #define VAR_TLS_EXPORT_CLIST "tls_export_cipherlist" diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 44bb8bfd5..501d61b7e 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h 
@@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20060825" +#define MAIL_RELEASE_DATE "20060903" #define MAIL_VERSION_NUMBER "2.4" #ifdef SNAPSHOT diff --git a/postfix/src/global/record.c b/postfix/src/global/record.c index a52003e75..3ef7ca7b5 100644 --- a/postfix/src/global/record.c +++ b/postfix/src/global/record.c @@ -320,10 +320,13 @@ int rec_goto(VSTREAM *stream, const char *buf) msg_warn("%s: malformed pointer record value: %s", VSTREAM_PATH(stream), buf); return (REC_TYPE_ERROR); - } else if (offset < saved_offset && ++reverse_count > REVERSE_JUMP_LIMIT) { + } else if (offset == 0) { + /* Dummy record. */ + return (0); + } else if (offset <= saved_offset && ++reverse_count > REVERSE_JUMP_LIMIT) { msg_warn("%s: too many reverse jump records", VSTREAM_PATH(stream)); return (REC_TYPE_ERROR); - } else if (offset > 0 && vstream_fseek(stream, offset, SEEK_SET) < 0) { + } else if (vstream_fseek(stream, offset, SEEK_SET) < 0) { msg_warn("%s: seek error after pointer record: %m", VSTREAM_PATH(stream)); return (REC_TYPE_ERROR); diff --git a/postfix/src/milter/milter8.c b/postfix/src/milter/milter8.c index 4f5c4d609..2fe60af83 100644 --- a/postfix/src/milter/milter8.c +++ b/postfix/src/milter/milter8.c @@ -143,6 +143,12 @@ #define SMFIR_REPLYCODE 'y' /* reply code etc */ #define SMFIR_QUARANTINE 'q' /* quarantine */ + /* Introduced with Sendmail 8.14. */ +#define SMFIR_ADDRCPT_PAR '2' /* add recipient (incl. ESMTP args) */ +#define SMFIR_CHGFROM 'e' /* change envelope sender (from) */ +#define SMFIR_SETSYMLIST 'l' /* set list of symbols (macros) */ +#define SMFIR_SKIP 's' /* skip */ + /* * Commands that the filter does not want to receive, and replies that the * filter will not send. 
@@ -154,10 +160,23 @@ #define SMFIP_NOBODY (1L<<4) /* MTA should not send body */ #define SMFIP_NOHDRS (1L<<5) /* MTA should not send headers */ #define SMFIP_NOEOH (1L<<6) /* MTA should not send EOH */ -#define SMFIP_NOHREPL (1L<<7) /* filter will not reply per header */ +#define SMFIP_NR_HDR (1L<<7) /* filter will not reply per header */ +#define SMFIP_NOHREPL SMFIP_NR_HDR #define SMFIP_NOUNKNOWN (1L<<8) /* MTA should not send unknown cmd */ #define SMFIP_NODATA (1L<<9) /* MTA should not send DATA */ + /* Introduced with Sendmail 8.14. */ +#define SMFIP_SKIP 0x00000400L /* MTA understands SMFIS_SKIP */ +#define SMFIP_RCPT_REJ 0x00000800L /* MTA should send rejected RCPTs */ +#define SMFIP_NR_CONN 0x00001000L /* No reply for connect */ +#define SMFIP_NR_HELO 0x00002000L /* No reply for HELO */ +#define SMFIP_NR_MAIL 0x00004000L /* No reply for MAIL */ +#define SMFIP_NR_RCPT 0x00008000L /* No reply for RCPT */ +#define SMFIP_NR_DATA 0x00010000L /* No reply for DATA */ +#define SMFIP_NR_UNKN 0x00020000L /* No reply for UNKN */ +#define SMFIP_NR_EOH 0x00040000L /* No reply for eoh */ +#define SMFIP_NR_BODY 0x00080000L /* No reply for body chunk */ + /* * Modifications that the filter may request at the end of the message body. */ diff --git a/postfix/src/sendmail/sendmail.c b/postfix/src/sendmail/sendmail.c index f7cc4b7ae..4f33a0c04 100644 --- a/postfix/src/sendmail/sendmail.c +++ b/postfix/src/sendmail/sendmail.c @@ -95,7 +95,8 @@ /* with the MAIL_CONFIG environment variable to override the /* location of configuration files. /* .IP "\fB-F \fIfull_name\fR -/* Set the sender full name. This is used only with messages that +/* Set the sender full name. This overrides the NAME environment +/* variable, and is used only with messages that /* have no \fBFrom:\fR message header. /* .IP "\fB-f \fIsender\fR" /* Set the envelope sender address. This is the address where 
@@ -227,11 +228,15 @@ /* .fi /* .IP \fBMAIL_CONFIG\fR /* Directory with Postfix configuration files. -/* .IP \fBMAIL_VERBOSE\fR +/* .IP "\fBMAIL_VERBOSE\fR (value does not matter)" /* Enable verbose logging for debugging purposes. -/* .IP \fBMAIL_DEBUG\fR +/* .IP "\fBMAIL_DEBUG\fR (value does not matter)" /* Enable debugging with an external command, as specified with the /* \fBdebugger_command\fR configuration parameter. +/* .IP \fBNAME\fR +/* The sender full name. This is used only with messages that +/* have no \fBFrom:\fR message header. See also the \fB-F\fR +/* option above. /* CONFIGURATION PARAMETERS /* .ad /* .fi diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index b6fdad8b0..21a7aab6b 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c @@ -317,11 +317,11 @@ /* The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) /* process requests from the \fBtlsmgr\fR(8) server in order to seed its /* internal pseudo random number generator (PRNG). -/* .IP "\fBtls_high_cipherlist (!EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH)\fR" +/* .IP "\fBtls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)\fR" /* The OpenSSL cipherlist for "HIGH" grade ciphers. -/* .IP "\fBtls_medium_cipherlist (!EXPORT:!LOW:ALL:+RC4:@STRENGTH)\fR" +/* .IP "\fBtls_medium_cipherlist (ALL:!EXPORT:!LOW:+RC4:@STRENGTH)\fR" /* The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. -/* .IP "\fBtls_low_cipherlist (!EXPORT:ALL:+RC4:@STRENGTH)\fR" +/* .IP "\fBtls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH)\fR" /* The OpenSSL cipherlist for "LOW" or higher grade ciphers. /* .IP "\fBtls_export_cipherlist (ALL:+RC4:@STRENGTH)\fR" /* The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. diff --git a/postfix/src/smtp/smtp_connect.c b/postfix/src/smtp/smtp_connect.c index b8fbde19f..3f87e7dc3 100644 --- a/postfix/src/smtp/smtp_connect.c +++ b/postfix/src/smtp/smtp_connect.c 
@@ -663,9 +663,9 @@ static void smtp_connect_remote(SMTP_STATE *state, const char *nexthop, * primary destination to be a list (it could be just separators). */ sites = argv_alloc(1); - argv_add(sites, request->nexthop, (char *) 0); + argv_add(sites, nexthop, (char *) 0); if (sites->argc == 0) - msg_panic("null destination: \"%s\"", request->nexthop); + msg_panic("null destination: \"%s\"", nexthop); non_fallback_sites = sites->argc; if ((state->misc_flags & SMTP_MISC_FLAG_USE_LMTP) == 0) argv_split_append(sites, var_fallback_relay, ", \t\r\n"); diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index 7447a2cff..e186a5f8b 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -346,11 +346,11 @@ /* The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) /* process requests from the \fBtlsmgr\fR(8) server in order to seed its /* internal pseudo random number generator (PRNG). -/* .IP "\fBtls_high_cipherlist (!EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH)\fR" +/* .IP "\fBtls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)\fR" /* The OpenSSL cipherlist for "HIGH" grade ciphers. -/* .IP "\fBtls_medium_cipherlist (!EXPORT:!LOW:ALL:+RC4:@STRENGTH)\fR" +/* .IP "\fBtls_medium_cipherlist (ALL:!EXPORT:!LOW:+RC4:@STRENGTH)\fR" /* The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. -/* .IP "\fBtls_low_cipherlist (!EXPORT:ALL:+RC4:@STRENGTH)\fR" +/* .IP "\fBtls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH)\fR" /* The OpenSSL cipherlist for "LOW" or higher grade ciphers. /* .IP "\fBtls_export_cipherlist (ALL:+RC4:@STRENGTH)\fR" /* The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. diff --git a/postfix/src/util/dict_cidr.c b/postfix/src/util/dict_cidr.c index 28f075e78..6f12f9f87 100644 --- a/postfix/src/util/dict_cidr.c +++ b/postfix/src/util/dict_cidr.c 
@@ -78,6 +78,8 @@ static const char *dict_cidr_lookup(DICT *dict, const char *key) if (msg_verbose) msg_info("dict_cidr_lookup: %s: %s", dict->name, key); + dict_errno = 0; + if ((entry = (DICT_CIDR_ENTRY *) cidr_match_execute(&(dict_cidr->head->cidr_info), key)) != 0) return (entry->value); diff --git a/postfix/src/util/sys_defs.h b/postfix/src/util/sys_defs.h index 296806d3e..11499916b 100644 --- a/postfix/src/util/sys_defs.h +++ b/postfix/src/util/sys_defs.h @@ -28,6 +28,7 @@ || defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \ || defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4) \ || defined(NETBSD1) || defined(NETBSD2) || defined(NETBSD3) \ + || defined(NETBSD4) \ || defined(EKKOBSD1) #define SUPPORTED #include
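
Review bot: In the postfix/HISTORY hunk, the 20060902 entry writes "inet": with the colon outside the quotation marks, although the prefix being stripped is "inet:" including the colon; moving the colon inside the quotes avoids the ambiguity. In the 20060831 entry, "mis-leading" should read "misleading".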
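
Review bot: The reordered defaults in postfix/src/global/mail_params.h (DEF_TLS_HIGH_CLIST, DEF_TLS_MEDIUM_CLIST, DEF_TLS_LOW_CLIST) carry no statement of what the old !foo:ALL form got wrong: the HISTORY entry says only "Robustness", and the descriptive text for the three parameters in postconf.proto is unchanged. Suggest adding a sentence to the HISTORY entry or to postconf.proto saying why the exclusions now follow ALL, and whether the expanded cipher set (as printed by openssl ciphers -v) is expected to be identical before and after, so that sites that copied an old default into main.cf can tell whether they need to update it.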
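
Review bot: In rec_goto() in postfix/src/global/record.c, the new offset == 0 branch returns a bare 0 while the neighbouring branches return REC_TYPE_ERROR, and the "Dummy record." comment does not say what 0 means to the caller or that this branch skips the vstream_fseek() call. Suggest a named return value or a fuller comment. The change from offset < saved_offset to offset <= saved_offset also makes a pointer whose target equals saved_offset count toward REVERSE_JUMP_LIMIT; a one-line comment on that branch would record that this is the intended handling of a self-referencing pointer record.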
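
Review bot: In the second postfix/src/milter/milter8.c hunk, the new Sendmail 8.14 SMFIP_* flags are written as hex literals (0x00000400L through 0x00080000L) while the existing flags directly above them use the (1L<<n) form, so the continuation from bit 9 (SMFIP_NODATA) to bit 10 (SMFIP_SKIP) is not obvious when reading the table. Suggest one notation throughout, for example (1L<<10) for SMFIP_SKIP up to (1L<<19) for SMFIP_NR_BODY, which also makes an accidental duplicate or skipped bit easier to spot.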
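
Review bot: In smtp_connect_remote() in postfix/src/smtp/smtp_connect.c, only the two request->nexthop references visible in this hunk are switched to the nexthop argument; since the HISTORY entry describes the bug as the stripped and the complete next-hop being used side by side, any remaining use of request->nexthop in this function should be checked, or a comment added saying which form is meant where. Separately, because argv_add() here receives a single string followed by the (char *) 0 terminator, sites->argc == 0 can only hold when nexthop itself is a null pointer, and the msg_panic() call then passes that pointer to %s; an explicit null check before argv_add() would state the intent directly.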
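
Review bot: In dict_cidr_lookup() in postfix/src/util/dict_cidr.c, the added dict_errno = 0 has no comment saying why it is there, which is how the reset went missing in the first place according to the HISTORY entry. Suggest a short comment stating that a not-found result must leave dict_errno at 0 so callers do not report a stale error, and a test case that performs a non-matching lookup after dict_errno has been set to a nonzero value.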